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(54)llfle: METHOD OF HANDLING UNINTENDED SOFTWARE INTERRUPT EXCEPTIONS 
(57) Abstract 

Unintended software-interrupt-exceptions that are detected by the INTEL-80286 © or the INTEL-80386 © micropro- 
cessors whOe operating in the Protected-Mode and being known as interrupts 0, 4, 5, 6, 8, 12, 13, 16, are handled by using 
exclusively task-gates, by modifymg the task-state-segment of the interrupted task while the interrupt task runs to so that 
AFTER executing the interrupt return instruction at a system-central the user's task-specific exception handler can safely be 
caUed and by providing a method to exit the user-task-spedfic exception-handler for resuming the normal operation at an 
appropriate program point which the task has already passed before the exception occurred, which essentially consists of 
saving and retrieving all register values and stack data as were actual when the task passed that point in the regular process- 
ing. The same principle appUes to other processors witia exception detection capabiUty. A futural processor is conceived that 
provides mstmctions for assigning use-task-specific exception handlers, creating and jumping to recovery points. 
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1 - Description: 



Method of handLing unintended software interrupt 
exceptions: 

The invention refers to a method of handLing software 
interrupt exceptions which are not caused on purpose but 
occur due to errorprone programs that are particuLarLy 
processed on the lNTEL-80286 (TM) or INTEL-803a6 (TM) 
5 processor in case -triese processors operate in tl^e so 
caLLed PROTECTED MODE, u/l^eretDy xts tDasxc pr±nc±pLe can 
aLso be appLied to the exception handLing of unintended 
(software interrupt) exceptions of any other existing 
exception-detecting processor e.g. Like MOTOROLA'S 58020 
10 (TM) and whereby the method may even give the incentive 
for creating enhanced hardware processors that do support 
this method as weLL. 

The method is described in detaiL based on the INTEL 
80286 (TM) processor, 

15 Using the INTEL 80286 (TM) processor the utiLization of 
this invention may be appropriate for exceptions as may 
be due to 
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- Divxsxon by zero Cknouin as interrupt 0), 

- INTO -detected overf Low (known as interrupt 4), 
20 — exceeding a boundary range (known as interrupt 5), 

- invaLid Operation code (known as interrupt 6)^ 

- doubLe -fauLts (known as interrupt 8), 

- stack errors (known as interrupt 12^), 

- aLL kind o-f errors that can be categorized as 
Z5 generat protection errors (known as interrupt 13), 

processor extension errors (known as interrupt 16), 

which are by nature exceptions that are not intended on 
purpose. 

Based on the consideration that these exceptions are not 
30 errors by . their own but rather report errors that have 
been made at some other pLaces by wrong or missing 
high- L eve L— programming— Language statements this approach 
o-f handLing these exceptions wiLL not try to restart the 
-fauLty instruction but to provide -fuLL opportunity to the 
35 user task to investigate and deaL with the current 
situation in the LogicaL LeveL of the used high-LeveL- 
programming- Language and to provide the capabiLity to 
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resume the normaL operation therea-fter, no matter which 
o-f the Listed exception occured, yes, even i-f the 
40 compLete stack has been destroyed prior being reported by 
a stack error exception (interrupt IZ) . 

As is standard this invention pursues to caLt a user task 
specific exception handLer (see Literature "INTEL 286 
Operating System Writer'' s Guide" page 6-7 to 6-9) however 
50 cLaiming noveLty -for the way to do so highLighted by the 
execution o-P the interrupt return instruction before the 
user task specific exception handLer has even been 
caLLed. 

This is done to prevent that further exceptions that 
55 might be caused by the user task specific exception 
handLer can accrue to doubLe fauLts or even to processor 
shutdown • 

Furthermore this is done in a way so that the user task 
specific exception handLer can safeLy be reached and 
60 started, i.e. that no Leftover data due to the occured 
exception may cause additionaL exceptions nor that data 
is Left behind that might be troubLesome for the next 
exception. 

Dictated by the worst cases where an interrupt task gate 
55 is - def initeLy required, the soLution assumes to use an 
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interrupt, task gate in the interrupt descriptor tabLe -fon 
aLL above Listed interrupt numbers. The task gate may 
re-fer to a task descriptor in the gLobaL descriptor^ 
tabLe, which wiLL re-fer to a task state segment, which\ 
70 u/iUL re-fer to an interrupt task program. 

This interrupt task program may save aLL data about the 
occurance of the exception. Like the totaL stack segment 
o-f the interrupted task as weLL as the contents oir its 
task state segment (which means essentiaLLy aLL register 
75 vaLues), -for a Later -faiLure report — which is reasonabLe 
but not significant -for this invention ~, then using the 
ALIAS-descriptor technique modify the task state segment 
of the interrupted task, particuLarLy 

r- the fields for CS and IP so that by executing the 
80 interrupt return instruction the interrupted task 

wouLd continue . at a system centra L address, Lefs 
caLL it Z, 

— e.g. the fieLds for BX and CX so that by executing 
the interrupt return instruction the registers BX 
85 and CX wouLd contain the address of the user task 

spec±'f±c exception handLer (there are weLLknown 
ways how to assign/where to store/ from where to 
get the address of the user task specific exception 
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handLer) , 

90 - th© fioLds for DS and ES to any vaLid and present 

datasegment's seLector so that by executing the 
interrupt return instruction no task switch error 
(known as interrupt 10) may be caused by these 
fieLd entries, 

95 - the -field -for the dynamic SS entry by copying from 

the proper static SS entry with regard to the 
appropriate privilege LeveL 0 to 2, if this can be 
done unambiguously, - otherwise we may trust it and 
keep it as is, as the user program normally doesn^'t 
100 touch that value, 

- the fields for SP and BP to the limit value minus 1 
of the interrupted task's stacksegment so that 
g-p^3r- the return to the interrupted task new data 
can sa-fely be put into the stack, e.g. in order to 

105 execute the calling of the user task specific 

exception handler, 

- e.g. the fields for DX and SI to the address of 
the segment where we might have saved all above 
mentioned data concerning the occurance of the 

110 exception. 
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The Interrupt task program must aLso cLear the 
TASK_SWXTCHED bxt ±n the machine status word. The 
Interrupt task program or programs that is or that are 
reached via the task gates -for exception 6, IE, 13 must 
115 aLso pop the error code from the stack of the interrupt 
task prior switching back to the previousLy interrupted 
task. 

By executing the interrupt return instruction the 
previousLy interrupted task wiLL continue at the system 

120 centraL address (Z) so that from there on new vaLues may 
be safeLy entered into and read from the stack, whiLe aLL 
data that had been, written into the stack prior to the 
occurance of the exception wiLL be Lost and needs to be 
recovered by an unorthodox method - which is an essentiaL 

125 part of this invention as weLL. 

At the system centraL address Z the user task specific 
exception handLer is to be caLLed Cits address may be 
stored in the registers BX and CX), eventuaLLy provided 
with the input (parameter) of the address of the 
130 datasegment that contains the data about the occurance of 
-the exception^ unLess the user task hasn'^t been assigned 
the address of a specific exception handLer. Xn the 
Latter . case a system master exception handLer program may 
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be caLLed, by using a task gate, to provide more generaL 
135 reaction service - 

The user task specific exception handLer is supposed to 
investigate the current situation and deaL with the 
probLem appropriate Ly, to do this in the adequate LogicaL 
LeveL (normaLLy in the used high LeveL programming 

140 Language), then to determine the best suitabLe point of 
the task's program. Let's caLL it a recovery point, and 
to "dump" there, not dust by setting code segment 
register (CS) and instruction pointer register (IP) to 
that point's address but by Loading aLL stack data and 

145 aLL register vaLues (incLusiveLy CS and IP at Last) as 
has been actuaL when the task's program -fLow passed that 
point the Last time. This kind o-f "dump" must have been 
supported by the user's program when it passed that 
program address in the reguLar processing by writing aLL 

150 the data, i.e. stack and aLL register vaLues enhanced by 
the seL-f-descriptive information of how many bytes are 
saved, into a particuLar datasegment of appropriate size 
whose address must be saved at a distinctive memory 
address for being retrieved again. 

155 As theoreticaLLy the same program code may be processed 
whiLe using different tasks, the "dump" to the recovery 
point may onLy , be a L Lowed if the actuaL stack segment 
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vaLue is equaL to the stack segment value as retrieved 
from that datasegment . LegaL "jumps" to the same 
1S0 recovery point while being in different tasks must be 
matched . by using different, task specific datasegments 
for storing the recovery point's characterizing data. 

In case the user task specific exception handler does not 
try to exit by "jumping" to a recovery point or in case 

1S5 the attempted "dump" to a recovery point is rejected it 
wxLL terminate by the norma L 

subroutine— return-instruction which allows us to call the 
system master exception handler by using a task gate 
which in any particular program branch may either exit by 

170 "dumping" to any other recovery point or initiate the 
rebooting of the system. 

Using this method a computer system or an executed user 
program cannot crash anymore in all applicable 
situations. Multi-user-, multi-application, 

175 multitask— systems which otherwise might even deteriorate 
each other and wind up in sof trestarting/hardrestarting 
the entire system will benefit as each task will toe able 
to stay in fuUL control by its own. Without this method 
the exception detection capability may be considered as 

180 being disadvantageous, especially if less damage is 
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caused toy processing unde-fineci data rather than toy 
crashing the system; with it the user may tayLor his/hen 
modules to get the most out of the exception detection 
capability. 

185 The implementation of this invention is by its nature an 
ideal enhancement of any Operating System that has to 
reflect hardware specifics as is the detection of 
exceptions- Part of it can toe categorized as system 
configuration, part of it as Operating System service 

190 routines that are to be provided to the user, e.g. to 
"define a recovery point**, which essentially means to 
save the actual register and stack values in a 
retrievable way, or to "Jump to a recovery point", which 
means to retrieve and load these values into registers 

195 and stack, or to initialize involved data- 
in case it is applied "outside" of any standard Operating 
System it may improve dust those systems/devices (e-g. 
PC's) of those manufacturers that provide it in addition 
to/and overruling the Operating System, or in case it is 

200 applied "outside of the base system" but being a part of 
certain application software packages these may benefit 
e.g. by coping with internal errors or inproper data 
input by their customers. 
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Z. Patent cLaxms; 

1. Method to cope with the problems resulting -from 
software interrupt exceptions, which occur due to program 
errors rather being intended on purpose and which are 
detected by the INTEL-S02S6 CTM) or the IMTEL--803S6 (TM) 
5 processor while operating in PROTECTED MODE, by enabling 
the calling of a user task specific exception handlen 
upon the occurance of exceptions as may be given by 
software interrupt numbers 0,4,.5, 5,8,12,13,16 

whereby the method is characterized particularly, 
10 by using task gates for all respective entries in the 
interrupt descriptor table, i.e. for entries 

0,4,5,6,8,12,13,16, which may refer to task descriptors 
in the global descriptor table which may refer to task 
state segments which may refer to interrupt task 
15 programs, 

and by the activities of these interrupt task programs, 
which must pop the ERROR CODE however only in case the 
interrupt task programs are deterrtd.ned for the interrupts 
a>12 or 13,. while all of them must clear the 
20 TASK_SWITCHED bit of the machine status word and must 
modify the task state segment of the interrupted task so 
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that by executing the interrupt-return instruction a task 
switch back to the interrupted task wiLL occur in such a 
way that this task wiLL continue to run at a system 

25 centraL address, that then the address o-f the user task 
specific exception l-iandLer is avaiLabLe in a pair o-f 
suitabte registers, that then new data can safeLy be 
written into and read from the stack, i.e. that then the 
stackpointer and basepointer are set to the Limit minus 1 

30 of the actuaL stacksegment, that the 

data-segment-register and the extra-segment-register 
cannot cause a task switch error C interrupt 10) being 
expUicitLy set to any vaLid and present datasegment, 
and by then returning to the previousLy interrupted task, 

35 which means by continuing at a system centraL address, 

and by then caLLing the user task specific exception 
handLer whose address is avaiLabLe in a suitabLe pair of 
registers so that the individuaL appLication-dependent 
user task specific exception handLer, which may as weLL 

40 cause unintendend exceptions, may not wind up in doubLe 
f auLt or processor shutdown, 

and by the technique how to exit the user task specific 
exception handLer which is done by "Jumping" to a program 
point of the task, which I Like to caLL recovery point 
45 and which is appropriate to resume the norma L operation 
aft r having ing stigated and handLed the current probLem 
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situation from the user appLication' s point of view^ that 
is don© by retrieving and Loading aLL register vaUues and 
stack data as have been actuaL when the reguLar program 

50 processing passed the address of that recovery point at 
tne Last time prior to the occurance of the exception^ 
and by the technique how to store these register vaLues 
and s-back da-ba wnen the bask prognam passes a program 
point that is suitabLe for being retrieved upon the 

55 occurance of a software interrupt exception in order to 
resume the normat operation as is done by storing 
register vatues and stack data into a datasegment of 
appropriate size in a retrievabLe way i.e. together with 
additionaL seLf -descriptive in-formation as the number o-f 

60 stack words is a variabLe in-formation and by memorizing 
tne address of the datasegment at a weLL de-fined pUace. 

Z- Method to. cope with the probLems resuLting from 
software interrupt exceptions, which occur due to program 
errors rather being intended on purpose and which are 
65 detected by any microprocessor that provides the 
capabiLity to get to a separate program area upon the 
occurance of such exceptions and that provides as weLL an 
interrupt— return instruction -for counter-processing what 
has been processed due to the exception detection 
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70 which is characterized 

by taking preparations prior to the execution of the 
interrupt-^return instruction in such a way, 

that in the moment of executing the interrupt-return 
instruction aLL processor knowLedge and processor 

75 impact about the occured exception is cLeared and no 

further exception can be caused due to register 
vaLues as has been actuaL for the fauLting 
instruction, whereby registers and other data may 
^t-eety be modified to achieve this, 

80 that after the execution of the interrupt-return 

instruction the program wiLL continue at a certain 
system centra L address and not at the address of the 
-fauLting instruction, 

that then appropriate registers are set so that the 
as compLete stack is made avaitabLe, 

if necessary, that then the address of the user'^s 
exception handLer is available, 
by then executing the interrupt-return instruction, 
by then calling the user's exception handler which is 
90 supposed to investigate and handle the actual problem 
situation from the application dependent point of view 
and to determine the most suitable program point for 
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resuming the norma L operation, 

by enabLing the user'^s exception handLer to "dump" there 
95 which is done by retrieving aLL register vaLues and stacks 
data as has been actuaL when the reguLar program -fLow 
passed that program. . point the Last time prior to the 
occurence of the exception, 

by supporting such "dumps" which is done by saving aLL 
100 acruaL register vaLues and stack data in a rex:rievabLe 
way at moments when the reguLar program processing passes 
program points that are suitabLe -For being dumped— to -for 
resuming the norma L operation. 

3. Enhancement o-f any microprocessor that is abLe to 
105 detect exceptions which are de-fined according to its own 
speci-fic design and which typicaLLy occur due to the 
execution of errorprone programs rather being used on 
purpose 

which is characterized by 

110 providing an extended set . o-f assembLer code instructions, 
particuLarLy an assembLer code instruction -for assigning 
a task the address o-f a procedure to be determined as the 
task'^s exception handLer program, 

particuLarLy an assembLer code instruction -for creating a 
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115 recovery point, i.e. for saving aLL register vaLues and 
stack data as are valid when this instruction is invoked, 
whereby any kind of token is returned by an output 
parameter of any type, which can be used by another 
instruction to retrieve the hereby saved register vaLues 

120 and stack data and which is mentioned next, 

particuLarLy an assembler code instruction to Jump to a 
recovery point, i-e, to retrieve register vaLues and 
stack data due to an input parameter which contains the 
token that has been returned by the instruction dust 

125 mentioned Joef ore, 

and if necessary an assembler code instruction to release 
a recovery point, i.e. to release the required memory 
where stack data and register values of a program point 
are stored in case the overall design requires it to 

130 manage limitation aspects, 

so that the user has only to call the new instructions at 
the appropriate places, e.g. 

at the beginning of the task the one to assign a 
usei — task-specific exception handler, 
135 at an appropriate program point for the resuming of the 
normal operation of the task after the occurance of an 
exception the one to create a recovery point, 
at the end of any branch o-F the usei — tasK-speci-f ic 
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IS 



exception handuer the one to jump to a recovery point. 
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